
[IMPORTANT] Virgin Media Alert: Your device may have a malware infection

AranN
Tuning in

Hi all,

I've received 3-4 letters and emails reporting that I have a virus.


Your Virgin Media account number: 

Our reference: VMIS7-MALWARE-Fxxxxxxxxx

Please take action now: a device using your internet connection is infected with malware

Dear Mr xxxxxx,

We’ve now been alerted on three separate occasions that one or more of the devices you use to go on the internet is infected with malicious software (malware). This means there’s a significant risk that your personal data and any financial transactions you’ve made online have been compromised. The details of this alert are below.

On 05 October 2021, avalanche-matsnu, a piece of malware, was detected on a device using your internet connection.

I know I don't.
The malware/virus that they specify in each communication only runs on Windows devices.
I have 2 devices running windows.
1 is very rarely used and is virus-free after many scans. The other is used often but is also virus free.

I believe this is due to a new type of wifi router I have installed.
It connects to other similar hardware in the local area and sends encrypted tech/science data to other such devices. Think of it as a weather station sharing temp, altitude, wind speed etc with other weather stations around the country.
To use them we have to forward 1 to 3 ports from the internal IP to the external IP.

Other people involved with these devices have had similar letters/emails.
I think the way the data is sent or the patterns somehow mean that servers such as DNS and Spam databases flag my IP as a virus. This is then sent to Virgin Media.

The effect is that some sites like local news and epicgames have blocked my IP address giving a 403 Forbidden error. This I can live with and it doesn't bother me that much.

However, how can I get in touch with VM and show that my machines are virus-free and they can stop sending letters/emails?
I'm also more worried about this statement:


We need to let you know that if you don’t get it fixed, to protect others we may need to suspend or cancel your broadband service in line with our Acceptable Use Policy.

10/06/21 - Our Reference: VMIS60-NETWORKATTACKS-F009082839

16/08/21 - Our reference: VMIS5-MALWARE-F009222891
On 14 August 2021, one detected that matsnu, a piece of malware, was present on a device using your internet connection.

07/09/21 - Our reference: VMIS6-MALWARE-F009259856
On 06 September 2021, kelihos, a piece of malware, was detected on a device using your internet connection.

07/10/21 - Our reference: VMIS7-MALWARE-F009332833
On 05 October 2021, avalanche-matsnu, a piece of malware, was detected on a device using your internet connection.

Any help is greatly appreciated and happy to reward whoever solves this riddle.


David_Bn
Forum Team

Thanks for your post @AranN, and I'm sorry to hear of the letters you've been issued.

The new hub that you've installed, can you confirm that this is a third party piece of equipment, and not a Virgin Media hub replacement?

If you have the hub placed in modem mode currently, it may be worth switching to router mode to see if any further letters are issued.

Kindest regards,

David_Bn


The current set up is superhub in modem mode.

Netgear router handling the traffic.

This 3rd party device is connected to the router and transferring its data.

If I change back to using the superhub then I'll have to remove my router. 

Problem I have is I need to forward the ports which I couldn't do on the superhub previously. Is it possible now?

legacy1
Alessandro Volta

Well I have to disagree with VM saying they will suspend or cancel your broadband service in line with our Acceptable Use Policy. You can't expect everyone to be an expert on how to deal with malware infection; you could do a clean install of all Windows only to get them infected by your IoT. It's not like your hub or many home routers do network isolation between all devices as you work out what device is the cause.


Tudor
Very Insightful Person

“To use them we have to forward 1 to 3 ports from the internal IP to the external IP.” You have the wrong terminology or they have explained it incorrectly. All outgoing ports are open. You only open incoming ports, that is data sent to your external IP address and redirected to an internal LAN device.
This is badly coded software, you should NEVER open ports for other people's software, it leaves you open to all types of problems. You should only open ports for your own written applications to allow you to access it when you are not at home. I have lots of ports open for my own applications, all for https access covered by my own certificates.



Hi AranN,

I've forwarded the information to Internet Security to see if they can shed some more light on this for you. If I need any more details from you, I'll pop you over a private message.

Thanks,

Alex_Rm

Is there any sort of SLA?

If not I'll get in touch with each DNSBL and try to manually have my IP removed which should stop them contacting VM, which in turn should stop these letters/emails.
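One way to do the self-check described above, before and after asking each list operator for removal, is to query the lists directly. DNSBLs are looked up by reversing the octets of the IPv4 address and appending the list's zone; a listed address gets an A record inside 127.0.0.0/8 (the last octet usually encodes the reason), an unlisted one gets NXDOMAIN. This is an added example, not code from the thread or from Virgin Media: the three zone names are an illustrative selection of public lists, the 127.255.255.x "query refused" convention is Spamhaus's, and the resolver answers are constructed so the script runs offline.

```python
"""DNSBL self-check: build reversed-octet query names for an IPv4 address and
interpret the A-record answer each list returns. Added example, not from the
thread; zones below are an illustrative selection, not a complete set."""
import ipaddress
import socket
from typing import Callable, Dict, List, Optional

# Assumption: a small selection of commonly queried public lists. Check each
# operator's terms before querying them from a script (some block public resolvers).
DEFAULT_ZONES = ["zen.spamhaus.org", "bl.spamcop.net", "b.barracudacentral.org"]


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Return the lookup name: octets reversed, then the list zone appended."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def interpret_answer(answer: Optional[str]) -> str:
    """Classify a list's answer. None stands for NXDOMAIN (address not listed)."""
    if answer is None:
        return "not listed"
    a = ipaddress.IPv4Address(answer)
    if a not in ipaddress.IPv4Network("127.0.0.0/8"):
        # Lists only ever answer inside 127/8. Anything else usually means the
        # resolver wildcards NXDOMAIN, so the verdict cannot be trusted.
        return f"error: answer outside 127/8 ({answer}); check your resolver"
    if a in ipaddress.IPv4Network("127.255.255.0/24"):
        # Spamhaus convention: 127.255.255.x reports a problem with the query
        # (public resolver, query volume), not a listing of the address.
        return f"error: list refused query ({answer})"
    return f"listed ({answer})"


def check_ip(ip: str,
             zones: List[str] = DEFAULT_ZONES,
             resolve: Callable[[str], str] = socket.gethostbyname) -> Dict[str, str]:
    """Query every zone for ip and return {zone: verdict}.

    resolve() must behave like socket.gethostbyname: return the A record as a
    string, or raise socket.gaierror when the name does not exist.
    """
    results: Dict[str, str] = {}
    for zone in zones:
        name = dnsbl_query_name(ip, zone)
        try:
            answer: Optional[str] = resolve(name)
        except socket.gaierror:
            answer = None  # NXDOMAIN: this list has no entry for the address
        results[zone] = interpret_answer(answer)
    return results


# Constructed stand-in for live DNS so the example runs without network access:
# one listing, one refused query, and one zone with no entry (NXDOMAIN).
FAKE_DNS = {
    "1.2.0.192.zen.spamhaus.org": "127.0.0.4",
    "1.2.0.192.bl.spamcop.net": "127.255.255.254",
}


def fake_resolve(name: str) -> str:
    try:
        return FAKE_DNS[name]
    except KeyError:
        raise socket.gaierror(f"NXDOMAIN: {name}")


if __name__ == "__main__":
    # Replace fake_resolve with the default (socket.gethostbyname) to query live
    # lists for your own public address; 192.0.2.1 is a documentation address.
    for zone, verdict in check_ip("192.0.2.1", resolve=fake_resolve).items():
        print(f"{zone}: {verdict}")
```

Run it once with your current public address and keep the output; repeating the check after each delisting request shows whether the removal actually took effect, and the "answer outside 127/8" branch catches the common case where an ISP or hotel resolver rewrites NXDOMAIN and would otherwise make every address look listed.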

Hi AranN

Thanks for coming back to us.

I'll mail my colleague who's dealing with this and they'll come back to you asap.

Best,

John_GS
Forum Team


Hi AranN,

Sorry for the late reply.

I do now have an update from Internet Security, so I'll pop you over a private message so I can discuss this further (purple envelope, top right hand corner).

Alex_Rm

FYI, 

I've had several paper letters recently warning me of a "malware infection" related to "generic/avalanche". Also the letter refers to generic/avalanche as "a piece of malware"; in fact it isn't any one specific bit of malware, rather a somewhat overly generic classification of a set of behaviours of software. The thing is, there's lots of legitimate software that exhibits the same behaviours as classified here, so there's a very good chance if you are using other anti-virus/anti-malware software that this is a false alarm.

A straw poll of some 20+ other Virgin Media customers (friends, colleagues, neighbours) suggests they (almost) all started getting similar letters from Virgin around the same time. Coincidence?

As such, I have complained to Virgin about this being scaremongering tactics to sell additional services, and I have submitted a complaint to that effect to the ASA.